cancel
Showing results for 
Search instead for 
Did you mean: 
chvgms
Level 7

Transit group deployment

Hi,

I have 2 clusters ( one cluster with 2*4500C for production and 2*4500B for MCP). Currently both are operating as independent clusters i.e traditional proxy cluster (with one being director and the other being scanning node).

I want the configuration on both clusters to be in sync always i.e whenever a policy change is done on prod, changes should reflect to MCP cluster to avoid manual work. FYI, i dont have any central management server to manage these 2 independent clusters.

Planning to implement Transit group mode deployment, let me know if it is recommended or not.

attached the design for reference.

Thanks,

Sridhar

0 Kudos
4 Replies
McAfee Employee

Re: Transit group deployment

Hi Sridhar,

That should work just fine, for this scenario it would also be ok if all nodes talked to each other too. But if you want to control the communication, then creating a transit group will work just fine.

Best,

Jon

0 Kudos
chvgms
Level 7

Re: Transit group deployment

thanks Jon for the quick response. All nodes are on the same VLAN and bidirectional communication is in place. The 2 clusters have different cluster identifiers as both are residing on same subnet/VLAN. Hope this is not a show stopper. Also does all nodes should be running the same version to implement transit mode? Bcoz in my scenario, prod cluster boxes are running 7.5.2.2.0 and MCP cluster boxes are running 7.4.2.2.0.

0 Kudos
McAfee Employee

Re: Transit group deployment

So long as they can talk to each other, it doesnt matter. However all nodes should be on the same version if they exist in the cluster.

The appliance model doesnt matter.

Were you able to review the central management best practice?

Best Regards,

Jon

0 Kudos
chvgms
Level 7

Re: Transit group deployment

Hi Jon,

Can i take backup of 4500C cluster and restore on 4500B cluster though they are running different versions?

0 Kudos